Android has a Linux kernel and uses its stack.
As a person in the field, I can tell you that the IoT is not just smart lights. Smart sensors are starting to appear, or even car infotainments which are Linux inside. Sure, car infotainments are not controlling the engine power or throttle, but they are for sure requesting engine start-up or displaying the glass cockpit in modern cars. Otherwise, how do you think you can turn on the car with the new fancy app?
From what I see, we are going back from general computers running an old version of Windows XP or Red Hat into special-purpose Linux system-on-a-module devices.
Infotainment isn't well isolated from the more important parts of the car which use the same bus.
For example, I recall reading there was an example of a car which wouldn't trigger collision avoidance during a phone call because it was erroneously triggering the brakes to a very small degree, and the logic was not to trigger the brakes when the user was already braking.
There is every reason to believe security is as mediocre on cars as elsewhere.
Android has a Linux kernel, but uses a totally different Bluetooth stack called Bluedroid, and speaks raw HCI to the controller, bypassing all Bluetooth drivers in the kernel.